**Query Confusion: How HTTP Parameter Pollution Made the App Spill Secrets **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/query-confusion-how-http-parameter-pollution-made … ⌘ Read more
Securing Apache2 + PHP: Practical guide for safer web hosting
A practical security checklist to harden your Apache2 + PHP stack and protect your web applications from common vulnerabilities.
[Continue reading on InfoSec Write-ups »](https:// … ⌘ Read more
$2,900 Bounty: Public S3 Bucket Exposure in Shopify
How a Simple S3 Misconfiguration Exposed Private Images Across Shopify Stores and Earned a $2,900 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/2-900-bounty-public-s … ⌘ Read more
Hack Any Mobile Phone Remotely
Ethically — but note — this used to work great with phone under android 10
Threat Profiling 101: How to Create a Threat Profile
Learn how to create effective threat profiles to identify and prioritize relevant cyber threats for your organization.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more
$1000 Bounty: Account Takeover via Host Header Injection in Password Reset Flow
Free Article Link: Click for free!
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-boun … ⌘ Read more
** Bypassing Regex Validations to Achieve RCE: A Wild Bug Story**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-4c523f69b9f8?sourc … ⌘ Read more
$750 Bounty: Sensitive Data Exposure
When Deep Links Go Deeply Wrong: The Zomato Insecure WebView Story
** I Slashed My Spring Boot Startup Time to 1.8**
When people complain about Spring Boot being slow, it’s not entirely wrong — but it’s often misunderstood. Out of the box, Spring Boot is…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-sl … ⌘ Read more
Stored XSS Led to OAuth App Credential Theft and Info Disclosure
Hello folks,
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/stored-xss-led-to-oauth-app-credential-theft-and-info-disclosure-85545fca3948?sou … ⌘ Read more
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
Let’s Skip the “Sign Up on HackerOne” Talk
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-for-real-tools-tactics-and-truths-no … ⌘ Read more
Equifax Breach: How a $700M Mistake Happened
When Trust Crumbled: The Human Toll of a Single Unpatched Server
Secure your Python applications: Best practices for developers
Practical security tips every Python developer should know — from dependency safety to protecting against injection attacks and securing…
[Continue reading on InfoSec Write … ⌘ Read more
The Ultimate Guide to Email Input Field Vulnerability Testing
Real-world methods and payloads for testing email field security
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-ultimate-guide-to-email- … ⌘ Read more
$800 Bounty: Account Takeover in Shopify
A Simple Trick to Steal Creator Accounts? $800 Bounty for Account Takeover
“Low on Space in Kali Linux? Here’s How I Fixed It and Freed Up GBs”
“I was in the middle of a pentesting session when Kali refused to cooperate.”
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lo … ⌘ Read more
This Simple Domain Hack Is Fooling Millions: Don’t Be Next!
Cybercriminals are using lookalike URLs powered by Punycode to mimic trusted sites and steal your data.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/t … ⌘ Read more
$3750 Bounty: Account Creation with Invalid Email Addresses
How a Simple Email Validation Flaw Earned a $3,750 Bounty
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/3750-bounty-account-creation-with-invalid-em … ⌘ Read more
How To Set Up Your Ultimate OOB Bug-Hunting Server
Having your own hacking server is one of the most important investments you can make in your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-set-up-your-ultimate … ⌘ Read more
↳
In-reply-to
»
@kat I've almost fixed this btw 🤗 Just testing it thoroughly and polihsing the code. In case you're curious, I do this style of development called "Observability Driven Development" (ODD) whereby I make observations of the system via metrics and internal observations and adjust the system's overall behavior to the desired outcome 😅
⤋ Read More
@lyse@lyse.isobeef.org Well you are being slightly rude 🤪 Sure you could write unit tests for this, but in practise testing emergent properties and behaviors of a system is actually a lot harder than you might realize. But I’m happy to always be proven wrong 😑
** How I Found Internal Dashboards Using Google Dorks + OSINT**
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-found-internal-dashboards-using-google-dorks-osint-5f2c9515fcd6?source=rss—-7b7 … ⌘ Read more
Beyond the Click: Writing Introductions That Keep Readers Glued to the Page
Got the click? Now keep them reading! Discover the powerful introduction writing secrets top Medium writers use to hook read … ⌘ Read more
**IDOR Attacks Made Simple: How Hackers Access Unauthorized Data **
IDOR Attacks Made Simple: How Hackers Access Unauthorized Data 🔐
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/idor-attacks-made-simple-h … ⌘ Read more
Why You Can’t Stop Online Scams (Fast Flux Secrets Revealed)
Learn How Fast Flux Helps Cybercriminals Avoid Detection and Keep Their Scams Online
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/why-you-cant-stop-onlin … ⌘ Read more
** Payloads in Plain Sight: How Open Redirect + JavaScript Led to Full Account Takeover **
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/payloads-in-plai … ⌘ Read more
Active Storage’s Big Mistake: A $4,323 Lesson in Session Security
OSle: a tiny boot sector operating system
OSle is an incredibly small operating system, coming in at only 510 bytes, so it fits entirely into a boot sector. It runs in real-mode, and is written in assembly. Despite the small size, it has a shell, a read and write file system, process management, and more. It even has its own tiny SDK and some pre-built programs. The code’s available under the MIT license. ⌘ Read more
Let’s Encrypt: Why You should (and Shouldn’t) use free SSL certificates
Free, fast, and secure — but is Let’s Encrypt the right SSL solution for your website?
[Continue reading on InfoSec Write-ups »](https://infosecwriteup … ⌘ Read more
Crack Windows Password [Ethical Hacking Article]
This Article describes you to reset your windows password by using manipulation technique.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/crack-windows-password-ethical-hacking-artic … ⌘ Read more
$1000+ Passive Recon Strategy You’re Not Using (Yet)
Still using subfinder & sublist3r tools for finding assets while recon??
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/1000-passive-recon-strategy-youre-not-using-yet-164f5b1e … ⌘ Read more
The Ultimate Guide to a Successful Career in Cybersecurity
As a newcomer to cybersecurity, you’re going to encounter a lot of difficulties, and at times, you’ll feel overwhelmed and frustrated.
[Continue reading on InfoSec Write-ups »](https … ⌘ Read more
Prompt Injection in ChatGPT and LLMs: What Developers Must Know
Understanding the hidden dangers behind prompt injection can help you build safer AI applications.
[Continue reading on InfoSec Write-ups »](https://infosecwri … ⌘ Read more
↳
In-reply-to
»
If we must stick to hashes for threading, can we maybe make it mandatory to always include a reference to the original twt URL when writing replies?
⤋ Read More
@movq@www.uninformativ.de Shall I add this to the spec I’m writing? ✍️
** From JS File to Jackpot: How I Found API Keys and Secrets Hidden in Production Code**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/from-js-file-to- … ⌘ Read more
Lab: Finding and exploiting an unused API endpoint
Art of exploiting using an unused API endpoint
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/lab-finding-and-exploiting-an-unused-api-endpoint-79fa6744f21e?source=rss—-7b72 … ⌘ Read more
Exposing Money Mule Networks on Telegram
How I Mapped 100+ Scam Websites and Channels Using StealthMole
$500 Bounty: Hijacking HackerOne via window.opener
Zero Payload, Full Impact: $500 Bounty for a Tab Hijack
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bounty-hijacking-hackerone-via-window-opener-e16700108e12?source=rss- … ⌘ Read more
** How I bypassed an IP block… without changing my IP?**
Good protection doesn’t just block — it anticipates. But what if you learn to play by its rules… and win anyway?
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-bypass … ⌘ Read more
If we must stick to hashes for threading, can we maybe make it mandatory to always include a reference to the original twt URL when writing replies?
Instead of
(<a href="https://we.loveprivacy.club/search?q=%23123467">#123467</a>) hello foo bar
you would have
(<a href="https://we.loveprivacy.club/search?q=%23123467">#123467</a> http://foo.com/tw.txt) hello foo bar
or maybe even:
(<a href="https://we.loveprivacy.club/search?q=%23123467">#123467</a> 2025-04-30T12:30:31Z http://foo.com/tw.txt) hello foo bar
This would greatly help in reconstructing broken threads, since hashes are obviously unfortunately one-way tickets. The URL/timestamp would not be used for threading, just for discovery of feeds that you don’t already follow.
I don’t insist on including the timestamp, but having some idea which feed we’re talking about would help a lot.
How to Build a Cyber Threat Intelligence Collection Plan
Learn how to build a cyber threat intelligence collection plan to track your intelligence requirements and make them actionable!
[Continue reading on InfoSec Write-ups »](https: … ⌘ Read more
$500 Bug Bounty:Open Redirection via OAuth on Shopify
Exploiting OAuth Errors: A Real-World Open Redirect Bug on Shopify
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bug-bounty-open-redirection-via-oauth-on-shopif … ⌘ Read more
**What Recruiters Look for in a Cybersecurity Resume in 2025 **
Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/what-recruiters-look-for-in-a-cybersecurity-resume-in-2025-dcc81fa3154e?source=rss- … ⌘ Read more